Integrating Qualys into the patch and vulnerability management processes
1. INTEGRATING QUALYS INTO THE PATCH AND VULNERABILITY MANAGEMENT PROCESSES
Vladimir Jirasek
Blog: JirasekOnSecurity.com
Bio: About.me/jirasek
10th Nov 2011
2. About me
• Security professional (11 years)
• Founding member and steering group member of (Common Assurance Maturity Model) CAMM (common-assurance.com)
• Director, CSA UK & Ireland
• I love reading books: thrillers (Clive Cussler) and business management (Jo Owen)
3. I will cover topics today
• How Qualys fits into the Security technology stack
• Experiences from Qualys implementations
• Integration into IT operations processes
• Using MSSP
4. Security technology stack and Qualys
[Diagram: security technology stack with annotations showing where Qualys fits]
Stack components shown:
• GRC
• Threat intelligence
• Information & Event Mgmt
• Identity, Entitlement, Access Mgmt
• Cryptography
• Data Security
• Application Security
• Host Security
• Network Security
• Physical Security
Qualys annotations:
• Feed into the SIEM
• Metrics from Qualys and enterprise portal
• Pattern matching in Configuration compliance
• Web application scanning
• Browser Check
• Patch assessment
• Configuration compliance
• SSL Server test
5. Experiences with Qualys
• Easy deployment of non-authenticated scanning
• Resistance from IT admins to give root/server admin credentials
• Do not scan through firewalls
• CMDB usually inaccurate – using Qualys map/scan to populate
• Configuration compliance – manual configuration. Start small and grow controls
• Limited Oracle compliance scanning adoption
• Vulnerability reporting – treat vulnerabilities as quality issues
• Browser check – excellent tool but requires user action
6. MSSP and Qualys
• Outsourcing just Qualys to MSSP low value
• Tools need to be used by IT Ops
• MSSP add value when vulnerability data correlated with information sources
  • Firewall rules
  • Routing
  • Threat intelligence
  • CMDB – business criticality
  • IDS data
  • Anti-malware status
7. Integration into IT ops processes
• Security is a quality aspect
• Map security criticality levels to those in Ops change/incident process
• Responsibility for patching and correction of non-compliance sits with the asset owner
• But the risk management and escalation sits with security team – risk sign-off based on risk level
Editor's notes
Areas support each other, all feed into SIEM and GRC